identitypolicy.java

jBpm是一个灵活可扩展的工作流管理系统。作为jBpm运行时server输入的业务流程使用简单强大的语言表达并打包在流程档案中

/*
 * JBoss, Home of Professional Open Source
 * Copyright 2005, JBoss Inc., and individual contributors as indicated
 * by the @authors tag. See the copyright.txt in the distribution for a
 * full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jbpm.identity.security;

import java.security.*;
import java.util.*;
import org.jbpm.identity.Entity;

/**
 * a java.security.Policy implementation that in combination with the 
 * IdentityLoginModule enforces the secirity permissions modelled as
 * in the package org.jbpm.identity.
 */
public class IdentityPolicy extends Policy {
  
  public static final PermissionCollection ALL_PERMISSIONSCOLLECTION = new Permissions();
  static {
    ALL_PERMISSIONSCOLLECTION.add(new AllPermission());
    ALL_PERMISSIONSCOLLECTION.setReadOnly();
  }
  
  public void refresh() {
  }

  public PermissionCollection getPermissions(CodeSource codesource) {
    // no checks are done based on the origin of the code
    // checks are only based on *who* is running the code.
    return ALL_PERMISSIONSCOLLECTION;
  }
  
  public PermissionCollection getPermissions(ProtectionDomain domain) {
    PermissionCollection permissionCollection = new Permissions();
    
    Principal[] principals = domain.getPrincipals();
    // if there are principals
    if (principals!=null) {
      // loop over the principals
      for (int i=0; i<principals.length; i++) {
        // if the principal is a org.jbpm.identity.Entity
        if (Entity.class.isAssignableFrom(principals[i].getClass())) {
          // add all the identity's permissions to the set of permissions.
          Iterator iter = ((Entity)principals[i]).getPermissions().iterator();
          while (iter.hasNext()) {
            permissionCollection.add((Permission) iter.next());
          }
        }
      }
    }
    
    return super.getPermissions(domain);
  }
  
  public boolean implies(ProtectionDomain domain, Permission permission) {
    return getPermissions(domain).implies(permission);
  }
}